Samba provides file and print services to all manner of

SMB/CIFS clients, including the numerous versions of

Microsoft Windows operating systems. Samba configuration

file is smb.conf:

Sample smb.conf

---------------

[global]

# Domain name ..

workgroup = DOMAIN.NAME

# Server name - as seen by Windows PCs ..

netbios name = SERVER1

# Be a PDC ..

domain logons = Yes

domain master = Yes

# Be a WINS server ..

wins support = true

# allow user privileges

#enable privileges = yes

obey pam restrictions = Yes

dns proxy = No

os level = 35

log file = /var/log/samba/log.%m

max log size = 1000

syslog = 0

panic action = /usr/share/samba/panic-action %d

pam password change = Yes

# Allows users on WinXP PCs to change their password

when they press Ctrl-Alt-Del

unix password sync = no

ldap passwd sync = yes

# Printing from PCs will go via CUPS ..

load printers = yes

printing = cups

printcap name = cups

# Use LDAP for Samba user accounts and groups ..

passdb backend = ldapsam:ldap://localhost

# This must match init.ldif ..

ldap suffix = dc=domain,dc=name

# The password for cn=admin MUST be stored in

/etc/samba/secrets.tdb

# This is done by running 'sudo smbpasswd -w'.

ldap admin dn = cn=admin,dc=domain,dc=name

# 4 OUs that Samba uses when creating user accounts,

computer accounts, etc.

# (Because we are using smbldap-tools, call them

'Users', 'Computers', etc.)

ldap machine suffix = ou=Computers

ldap user suffix = ou=Users

ldap idmap suffix = ou=Idmap

# Samba and LDAP server are on the same server in

this example.

ldap ssl = no

# Scripts for Samba to use if it creates users,

groups, etc.

add user script = /usr/sbin/smbldap-useradd -m '%u'

delete user script = /usr/sbin/smbldap-userdel %u

add group script = /usr/sbin/smbldap-groupadd -p '%g'

delete group script = /usr/sbin/smbldap-groupdel '%g'

add user to group script =

/usr/sbin/smbldap-groupmod -m '%u' '%g'

delete user from group script =

/usr/sbin/smbldap-groupmod -x '%u' '%g'

set primary group script = /usr/sbin/smbldap-usermod

-g '%g' '%u'

# Script that Samba users when a PC joins the domain ..

# (when changing 'Computer Properties' on the PC)

#add machine script = /usr/sbin/smbldap-useradd -w '%u'

add machine script = /usr/sbin/useradd -s /bin/false

-d /home/nobody %u

# Values used when a new user is created ..

# (Note: '%L' does not work properly with

smbldap-tools 0.9.4-1)

logon drive = H:

logon home = \server%U

logon path = \serverProfiles%U

logon script = logon.bat

# This is required for Windows XP client ..

server signing = auto

server schannel = Auto

[homes]

comment = Home Directories

path = /home/users/%U

valid users = %S

read only = No

browseable = No

[netlogon]

comment = Network Logon Service

path = /var/lib/samba/netlogon

admin users = root

guest ok = Yes

browseable = No

[Profiles]

comment = Roaming Profile Share

# would probably change this to elsewhere in a

production system ..

path = /var/lib/samba/profiles

read only = No

profile acls = Yes

browsable = No

hide files = /desktop.ini/ntuser.ini/NTUSER.*/

[printers]

comment = All Printers

path = /var/spool/samba

use client driver = Yes

create mask = 0600

guest ok = Yes

printable = Yes

browseable = No

public = yes

writable = yes

admin users = root

write list = root

[print$]

comment = Printer Drivers Share

path = /var/lib/samba/printers

write list = root

create mask = 0664

directory mask = 0775

admin users = root

Test it with :

# testparm /etc/samba/smb.conf

Load smb config files from /etc/samba/smb.conf

Processing section "[homes]"

Processing section "[netlogon]"

Processing section "[Profiles]"

Processing section "[printers]"

Processing section "[print$]"

Loaded services file OK.

Server role: ROLE_DOMAIN_PDC

Press enter to see a dump of your service definitions